From 164ad23d4c4132e316432a931d4cf55f0da60cd5 Mon Sep 17 00:00:00 2001 From: "Brian C. Lane" Date: Thu, 16 Jul 2015 17:03:03 -0700 Subject: [PATCH] Create an empty selinux config file (#1243168) In order for selinux to properly label the system it needs to see that the config file exists. Also remove the old code trying to copy in a selinux config file, it never worked -- the removepkg would remove it. --- share/runtime-cleanup.tmpl | 5 +++++ share/runtime-postinstall.tmpl | 3 --- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/share/runtime-cleanup.tmpl b/share/runtime-cleanup.tmpl index 1dc720ccf..88696568f 100644 --- a/share/runtime-cleanup.tmpl +++ b/share/runtime-cleanup.tmpl @@ -26,6 +26,11 @@ removefrom dracut --allbut /usr/lib/dracut/modules.d/30convertfs/convertfs.sh \ /usr/lib/dracut/dracut-initramfs-restore ## we don't run SELinux (not in enforcing, anyway) removepkg checkpolicy selinux-policy libselinux-utils + +## selinux checks for the /etc/selinux/config file's existance +## The removepkg above removes it, create an empty one. See rhbz#1243168 +append etc/selinux/config "" + ## anaconda has its own repo files removefrom fedora-release --allbut /etc/os-release /usr/lib/os-release \ /usr/lib/os.release.d/* diff --git a/share/runtime-postinstall.tmpl b/share/runtime-postinstall.tmpl index 83373bf42..7c6ec4ece 100644 --- a/share/runtime-postinstall.tmpl +++ b/share/runtime-postinstall.tmpl @@ -61,9 +61,6 @@ install ${configdir}/sysctl.conf etc/sysctl.d/anaconda.conf install ${configdir}/spice-vdagentd etc/sysconfig mkdir etc/NetworkManager/conf.d install ${configdir}/91-anaconda-autoconnect-slaves.conf etc/NetworkManager/conf.d -%if exists(root+"/etc/selinux/targeted"): - install ${configdir}/selinux.config etc/selinux/config -%endif ## set up sshd install ${configdir}/sshd_config.anaconda etc/ssh